Your data.
Three independent controllers.
MANSSA Foundation, the Moroccan regulated entity, and MANSSA Labs SARL each process personal data as independent controllers for their own operational scope. This policy governs data collection, legal bases, user rights, and DPO contacts under Swiss nFADP, Moroccan Law 09-08, EU GDPR, and CCPA.
Last updated: June 2026
« No advertising cookies. No data sale. No joint profiling across entities. »
The desolidarization of the three entities extends to their respective data processing activities. Each entity is independently responsible for data processed in connection with its own activities. The reference to "MANSSA®" in this policy designates the three entities collectively for readability only; it does not create joint controllership. Each entity has designated a distinct Data Protection Officer accessible at the contact addresses below.
Article 1. Data Controllers
The data controllers for the processing of personal data collected through manssa.io are the three entities of the MANSSA® protocol, each acting as an independent controller:
MANSSA Foundation
Swiss Stiftung — for institutional communications, protocol governance, and site analytics.
MANSSA — Regulated Entity (Morocco)
Incorporated in Morocco (Bill 42.25) — for regulated commercial activities, LaunchLab applicant data, and investor-related communications.
MANSSA Labs SARL
Incorporated in Morocco — for technical operations data, including infrastructure logs and oracle system data.
Each entity processes data only for purposes falling within its own operational scope and is independently responsible for that processing.
Article 2. Applicable Regulatory Frameworks
Swiss Federal Act on Data Protection (nFADP)
MANSSA Foundation, as a Swiss Stiftung, applies the Swiss revised Federal Act on Data Protection (nFADP, in force September 2023), which establishes obligations for data controllers regarding lawfulness, transparency, purpose limitation, and data subject rights for individuals in Switzerland and abroad.
Moroccan Law 09-08 on Data Protection
The Moroccan regulated entity and MANSSA Labs SARL comply with Moroccan Law 09-08 on the protection of individuals with regard to the processing of personal data, supervised by the Commission Nationale de contrôle de la Protection des Données à caractère Personnel (CNDP).
EU General Data Protection Regulation (GDPR)
Where personal data of individuals located in the European Economic Area (EEA) is processed, MANSSA Foundation applies the requirements of Regulation (EU) 2016/679 (GDPR), including the lawfulness, fairness and transparency principles, purpose limitation, data minimization, and data subject rights.
California Consumer Privacy Act (CCPA)
California residents have rights under the CCPA as amended by the California Privacy Rights Act (CPRA), including the right to know, the right to delete, the right to opt-out of the sale of personal information, and the right to non-discrimination. MANSSA Foundation does not sell personal information.
Article 3. Data We Collect
3.1 — Analytics Data
We collect anonymized or pseudonymized analytics data to understand how visitors use manssa.io: page views, session duration, navigation paths, browser type, device type, and approximate geographic region (country level). This data does not identify you individually and is processed on the basis of legitimate interest in improving the site experience.
3.2 — Contact Form Data
When you use a contact form or send an email to an @manssa.io address, we collect the data you provide: name, email address, organization, and message content. This data is processed for the purpose of responding to your inquiry, on the basis of our legitimate interest in managing institutional communications, or, where required, on the basis of your consent.
3.3 — Cookies and Tracking Technologies
manssa.io uses strictly necessary cookies (required for site function, not subject to consent), analytics cookies (anonymized data on site usage, requiring consent where applicable), and preference cookies (language EN/FR and display settings, processed on legitimate interest). No advertising cookies or third-party tracking pixels are deployed on manssa.io.
3.4 — Technical Infrastructure Logs
As standard practice, our hosting infrastructure (Vercel) retains server access logs including IP addresses, request timestamps, and HTTP response codes. These logs are retained for a maximum of 90 days and are used exclusively for security monitoring and infrastructure diagnostics. They are not used for profiling or marketing purposes.
Article 4. Legal Bases for Processing
Consent
Analytics cookies where required by applicable law. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
Legitimate interest
Analytics for site improvement, security logs, language preference cookies, and institutional correspondence management. We have conducted a balancing test confirming that our legitimate interests do not override your fundamental rights.
Legal obligation
Retention of certain data where required by applicable law, including anti-money laundering obligations applicable to the Moroccan regulated entity under BAM + AMMC regulations (Bill 42.25).
Contract performance
Where you enter into any agreement with a MANSSA® entity, data necessary for the performance of that agreement is processed on this basis.
Article 5. Data Retention
Personal data is retained only for the period necessary to fulfill the purpose for which it was collected, or as required by applicable law:
Analytics data: 13 months maximum, then anonymized or deleted.
Contact form submissions: 24 months from the date of submission, unless an ongoing relationship requires longer retention.
Server access logs: 90 days.
Contractual and compliance records: minimum 5 years for financial records under requirements applicable to the Moroccan regulated entity (Bill 42.25 — BAM + AMMC).
Article 6. Your Rights
Subject to applicable law and the nature of the processing, you have the following rights with respect to your personal data:
Right of access
Obtain confirmation of whether we process your data and receive a copy.
Right to rectification
Require correction of inaccurate or incomplete personal data.
Right to erasure
Request deletion of your data where no legal basis for retention exists.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interest, including for direct marketing.
Right to restrict
Request restriction of processing pending resolution of a dispute about accuracy or lawfulness.
Right to withdraw consent
Withdraw consent at any time where processing is based on consent, without retroactive effect.
Right to lodge a complaint
Lodge a complaint with the relevant supervisory authority in your jurisdiction.
To exercise any of these rights, submit a written request to the DPO contact below. We will respond within one month of receipt. This period may be extended by two months where requests are complex or numerous.
Article 7. International Data Transfers
Personal data may be transferred to and processed in countries outside your jurisdiction of residence, including Switzerland, Morocco, and the United States (for hosting services). Where such transfers occur involving data of EEA-resident individuals, they are governed by appropriate transfer mechanisms recognized under the GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission. Transfers involving data of Swiss-resident individuals comply with Swiss nFADP transfer requirements. Transfers involving data of Moroccan-resident individuals comply with the requirements of Moroccan Law 09-08.
Regulatory frameworks
Swiss nFADP
Foundation — Swiss jurisdiction. In force September 2023.
Moroccan Law 09-08
Regulated Entity + Labs SARL — CNDP supervision
GDPR
EEA data subjects — Regulation (EU) 2016/679
CCPA / CPRA
California residents — California Consumer Privacy Act
DPO Contact & Ratification
All data protection inquiries, subject access requests, and complaints should be directed to the relevant entity DPO:
Data Protection — MANSSA®
MANSSA Foundation DPO: foundation@manssa.io
MANSSA Regulated Entity (Morocco) DPO: manssa@manssa.io
MANSSA Labs SARL DPO: labs@manssa.io
Please specify in your request which entity (Foundation, the Regulated Entity in Morocco, or Labs SARL) the request relates to, the nature of your inquiry, and the right you wish to exercise. We handle each entity's data protection independently.
Last updated: June 2026
Applicable frameworks: Swiss nFADP · Moroccan Law 09-08 · EU GDPR · CCPA. This policy may be updated periodically to reflect changes in applicable law or data processing practices.
The protocol is doctrinal.
The conversation is open.
Read the whitepaper for the full architecture. Or request a confidential briefing — for sovereign partners, institutional allocators, and African builders.
8 / 8
anti-ZiG principles
built in, not promised
7-of-9
treasury approvals
signatures needed to move funds
3
jurisdictions
Switzerland · Morocco · OHADA
2027
TGE horizon
token launch — doctrine opposable